Microsoft fixes 19-year-old Windows bug

The bug was present in every version of Windows from Windows 95 onwards, owing to VBScript being incorporated in IE


Reuters November 12, 2014

Microsoft Corp issued patches on Tuesday to fix a bug in its Windows operating system that remained undiscovered for 19 years.

In its latest security bulletin, Microsoft said the bug was present in every version of Microsoft Windows from Windows 95 onward. It added that the bug could allow an attacker to remotely take over and control a computer.

IBM Corp's cybersecurity research team discovered the bug in May, describing it as a "significant vulnerability" in the operating system.

"The buggy code is at least 19 years old and has been remotely exploitable for the past 18 years," IBM's X-Force research team said in its blog on Tuesday.

“Typically, attackers use remote code execution to install malware, which may have any number of malicious actions, such as keylogging, screen-grabbing and remote access,” said the blog.

“This complex vulnerability is a rare, ‘unicorn-like’ bug found in code that Internet Explorer (IE) relies on but doesn’t necessarily belong to,” the blog adds.

The IBM X-Force Research team believes that the bug originated with the introduction of IE 3.0 and the subsequent inclusion of Visual Basic Script (VBScript) in the browser, as it easily “makes [the browser] vulnerable for an attacker,” the blog further adds.

The blog admitted the possibility that other undiscovered bugs posing serious vulnerability threats might still exist in the operating system.

“These data manipulation vulnerabilities could lead to substantial exploitation scenarios from the manipulation of data values to remote code execution,” said the blog.
